Help Center Home > Apple > Un-Enroll Devices from MDM

Un-Enroll Devices from MDM

This article discusses how to un-enroll individual devices from JumpCloud MDM and how to remove JumpCloud MDM from an organization, which will un-enroll all devices in the organization.

Important:

Removing the JumpCloud MDM Enrollment Policy from a device does not remove the enrollment profile.

Tip:

If the device is subject to the MDM Enrollment Policy, removing the profile manually or via command will not be permanent. The device will receive the MDM profile again once the agent checks in again. However, this profile will not be auto-approved. If the device is to remain un-enrolled, the JumpCloud MDM Enrollment policy will need to be unbound from the device.

Removing the MDM Configuration from a Device

There are two ways to remove the MDM configuration from a device: via the JumpCloud API, or directly on the device via System Settings (System Preferences on macOS 12 and earlier).

Via JumpCloud API

You can remove the MDM configuration from a device using the JumpCloud V2 API. See JumpCloud V2 API Docs.

You'll need 3 values to complete this method:

  • JumpCloud API Key
  • MDM ID – this is the identifier of your organization’s MDM configuration.
  • MDM Device ID – this is the identifier unique to each device enrolled in MDM.

To gather the required values and remove the JumpCloud MDM Enrollment Profile from a device via the API:

  1. Obtain your API key from the JumpCloud Admin Portal. See Obtaining Your API Key.
  2. In the macOS Terminal, insert your API key into the command below and run it to gather your MDM ID:

curl https://console.jumpcloud.com/api/v2/applemdms \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: INSERT_API_KEY_HERE'

Note:

The MDM ID is the value in quotes after [{"id":"

  1. Next, obtain the MDM Device ID:
    1. Log in to the JumpCloud Admin Portal.
    2. Go to DEVICE MANAGEMENT > Devices.
    3. Click the desired device from the Devices list.
    4. Go to the Insights tab and scroll down to Device Info.
    5. Copy the JumpCloud MDM ID.
  2. Now you can remove MDM enrollment for the specified device by launching the macOS Terminal and inserting the gathered values into the following command:

curl -X DELETE https://console.jumpcloud.com/api/v2/applemdms/INSERT_MDM_ID_HERE/devices/INSERT_MDM_DEVICE_ID_HERE \
-H 'accept: application/json' \
-H 'x-api-key: INSERT_API_KEY_HERE'

  1. Restart the device to ensure removal of the JumpCloud MDM enrollment profile.

Via System Settings or System Preferences

You can remove the MDM configuration manually on a device from System Settings (macOS 13 Ventura and newer) or System Preferences (macOS 12 Monterey and prior).

Important:

This method works only for devices that are user enrolled. See Add Company-Owned Apple Devices to MDM with Device Enrollment.

Devices enrolled with Apple's Automated Device Enrollment (ADE) cannot be removed using the following method. ADE devices must be removed either via the API, or by deleting the device from JumpCloud entirely (which also removes the JumpCloud Agent).

To remove the enrollment profile on macOS 13 Ventura and later:

  1. Go to System Settings > Privacy and Security Profiles to view the MDM Enrollment profile. 
  2. As an admin user on the device, select the MDM Enrollment Profile in the list and click the “” button to remove it.

To remove the enrollment profile on macOS 12 Monterey and earlier:

  1. Go to System Preferences > Profiles to view the MDM Enrollment profile. 
  2. As an admin user on the device, select the MDM Enrollment Profile in the list and click the “” button to remove it.

Removing the MDM Configuration from an Organization

Considerations:

Removing the MDM Configuration will result in loss of access to MDM features, including:

  • Security Commands
  • Patch Management

Warning:

This will remove the JumpCloud MDM profile from ALL devices in the organization! Deleting the MDM Configuration from your organization will bulk un-enroll ALL devices at their next check-in with JumpCloud.

To remove a single device from MDM, follow the steps above for removing the MDM profile from an individual device.

  1. Log in to the JumpCloud Admin Portal.
  2. Go to DEVICE MANAGEMENT > MDM in the left menu.
  3. Click the Delete button under MDM Configuration.
  4. To confirm, enter the amount of macOS and iOS devices that will be removed from MDM management.
  5. Click Delete MDM Configuration.
Back to Top

List IconIn this Article

Notebook IconLearn More

Set up Apple MDM

Add Company-Owned Apple Devices to MDM with Device Enrollment

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case